vllm-ascend-deploy

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses SSH to execute arbitrary shell commands on remote systems throughout the deployment and status-checking phases.
  • [COMMAND_EXECUTION]: Deployment scripts create Docker containers with the --privileged flag, which grants the container nearly unrestricted access to the host system resources.
  • [COMMAND_EXECUTION]: The scripts/start_service.sh script uses the LD_PRELOAD environment variable to inject the libjemalloc.so.2 library into the vLLM process at runtime.
  • [CREDENTIALS_UNSAFE]: The instructions prompt the user to provide SSH passwords and automate the modification of the remote host's authorized_keys file to ensure persistent passwordless access.
  • [REMOTE_CODE_EXECUTION]: The skill implements a service monitoring loop using cron jobs that trigger agent logic to periodically perform SSH and Docker operations.
  • [DATA_EXFILTRATION]: The monitoring script scripts/monitor.sh sends service status updates and log excerpts to a vendor-provided notification endpoint at http://xiaoluban.rnd.huawei.com:80/.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 07:21 AM